Rafael dos Santos Silva
e866e3d609
FEATURE: Add global rate limit for anon searches (#10208)
2020-07-10 09:08:34 +10:00
Guo Xiang Tan
d5c56a846a
DEV: Only failover the entire cluster when the default db goes down.
2020-07-09 11:49:03 +08:00
Martin Brennan
31e31ef449
SECURITY: Add content-disposition: attachment for SVG uploads
...
* strip out the href and xlink:href attributes from use element that
are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
uploaded SVGs cannot be opened and executed using the XSS exploit.
svgs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:31:48 +10:00
Guo Xiang Tan
fd38c2fac3
FIX: Force ActiveRecord reading role if Redis is down take 2.
...
follow-up f03c7a1ba1
2020-07-09 11:14:19 +08:00
Guo Xiang Tan
f03c7a1ba1
FIX: Force ActiveRecord reading role if Redis is down.
2020-07-09 11:13:02 +08:00
Kris
66257ca8b6
FEATURE: Add "smallest" option to user text size preferences
2020-07-07 13:08:19 -04:00
Bianca Nenciu
6705c45156
FEATURE: Add reply_as_new_group_message composer action (#10168)
2020-07-07 18:30:48 +03:00
Joffrey JAFFEUX
56475f57c5
UX: simplifies editing email templates by always having a default (#10179)
2020-07-07 11:44:13 +02:00
Daniel Waterworth
1bd8a075d8
FIX: Make Email::Styles operate on html documents instead of fragments
...
`Nokogiri::HTML.fragment` is a huge hack (a comment in the source code
admits this). The current behavior of `Email::Styles` is to try to
emulate `fragment` using nokogumbo, but it misses some edge cases. In
particular, meta tags in an email template don't make it through to the
final email.
Instead of treating the provided HTML as an indeterminate fragment, this
commit makes `Email::Styles` treat the HTML as a complete document. This
means that the generated HTML for an email will now always contain top
level structure (a doctype, html, head and body tags).
This new behavior is behind a hidden site setting for now and defaults
off.
2020-07-06 11:45:39 +01:00
David Taylor
5284d41a8e
FEATURE: Optionally skip the create account popup for external auth
2020-07-06 10:18:57 +01:00
David Taylor
977766e7a8
FEATURE: sso_overrides_(email|username|name) for all auth methods
...
These settings previously applied only to discourse-sso. Now they work for all external authentication methods.
2020-07-06 10:18:45 +01:00
Sam Saffron
199a53e936
UX: suppress "in reply to" section in emails by default
...
Previously we would include this section, unfortunately
1. It is usually elided in gmail
2. It can make the emails longer and more confusing
3. Omission is a feature, it means people need to visit site to get context
2020-07-06 10:40:04 +10:00
Guo Xiang Tan
af52df2d96
DEV: Add hidden site setting for PG search ranking normalization.
2020-07-02 14:11:18 +08:00
Guo Xiang Tan
82964265cc
DEV: Remove logster current context config.
...
Multisite middleware sits at the top of the middleware stack.
2020-07-01 11:44:22 +08:00
Mark VanLandingham
cd5cfc1496
FEATURE: Site setting to always show category definitions (#10124)
2020-06-29 13:22:02 -05:00
Guo Xiang Tan
2c4c953bf8
DEV: Avoid logging errors on bad Redis connection during PG failover.
2020-06-29 11:54:55 +08:00
Sam Saffron
88459e08c9
FEATURE: allow disabling of extra term injection in search
...
There is a feature in search where we take over from the tokenizer
in postgres and attempt to inject more words into search.
So for example: sam.i.am will inject the words i and am.
This is not ideal cause there are many edge cases and this can
cause extreme index bloat.
This is an opening move commit to make it configurable, over the
next few weeks we will evaluate and decide if we disable this by
default or simply remove.
2020-06-25 13:36:52 +10:00
Guo Xiang Tan
42a6c8a85f
DEV: Rescue from ActiveRecord::Readonly error in lograge.
2020-06-25 10:25:28 +08:00
Neil Lalonde
8e07ee7e36
Update translations
...
Carefully because permalink.external_url is untranslated in many
locales due to a recent change in client.en.yml in 516a03be09.
2020-06-24 10:47:45 -04:00
Guo Xiang Tan
27b2e335ef
DEV: Retry on distributed mutex timeout error when starting sidekiq.
...
We need Sidekiq to start `mini_scheduler` no matter what. Timeouts
happen when trying to boot an app with Redis in readonly mode.
2020-06-23 15:43:28 +08:00
Bianca Nenciu
68f767a557
FEATURE: Check if selectable avatars exist before enabling them (#10032)
2020-06-22 16:58:26 +03:00
Bianca Nenciu
685646540a
FIX: Hide PM tags if the site setting is disabled (#10089)
...
* FIX: Hide PM tags if the site setting is disabled
* Apply code suggestions
2020-06-22 16:48:24 +03:00
Guo Xiang Tan
3370ef188e
FEATURE: Remove deprecated uploads url site settings.
...
The site settings have been replaced with direct image upload since
Discourse 2.3.
2020-06-22 14:32:29 +08:00
Martin Brennan
516a03be09
FIX: Improve admin permalink UX (#10101)
...
The admin permalink list was a little tricky to use because the URLs are easily reduced with a ... if they are too long. This adds a copy to clipboard button for the URL and a title on hover so the full text of the URL can be seen.
2020-06-22 13:14:16 +10:00
Gerhard Schlager
390dc5c7a9
Update translations
2020-06-21 11:58:21 +02:00
Robin Ward
4a2871f7f6
FEATURE: Don't display muted/ignored users under "who liked" (#10084)
...
* FEATURE: Don't display muted/ignored users under "who liked"
Previously, if you clicked on the heart icon below a post
it would show you the avatar for a user even if you ignored or muted
them.
This commit will instead display a (?) icon. The count of likes will
remain correct, but you needn't be reminded of the person you
preferred not to see.
* Use a circle instead of (?) for unknown user
2020-06-19 10:44:21 -04:00
Robin Ward
494a27dc27
FIX: A much nicer error message if you can't ignore/mute a user
2020-06-18 13:41:27 -04:00
Patrick Schleizer
2d63d7d05e
make unix domain sockets listening example match web.socketed.template.yml (#10060)
2020-06-18 11:30:08 -04:00
Bernhard Suttner
e31471585a
DEV: allow to have duplicate topic titles if category is different (#10034)
...
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-06-18 11:19:47 -04:00
Jeff Atwood
978aba632e
minor copyedit on site setting description
2020-06-17 14:13:52 -07:00
David Taylor
159fc41f40
FIX: Restore missing translation keys
...
These were accidentally removed/renamed in 5bfe1ee4
2020-06-17 14:24:22 +01:00
Joffrey JAFFEUX
9da3a7f436
FEATURE: allows published pages to be public (#10053)
2020-06-17 12:42:20 +02:00
Samuel Carvalho Santos
ce37561e10
UX: Improve revert label in post history modal (#10038)
2020-06-16 11:31:25 -04:00
Jeff Atwood
2bbb870b11
copyedit on push icon help text
2020-06-15 22:43:55 -07:00
Guo Xiang Tan
def4cd33ea
DEV: Disable Redis warnings.
2020-06-16 12:53:04 +08:00
Guo Xiang Tan
c611f3703c
DEV: Don't use logster when logging in Redis failover.
2020-06-16 11:53:52 +08:00
Guo Xiang Tan
b08a0d15c4
DEV: Fix undefined method due to rails_failover.
2020-06-16 11:03:57 +08:00
Guo Xiang Tan
092ae858af
DEV: Bump rails_failover.
...
Avoid configuring AR stuff if `replica_host` and `replica_port` haven't
been provided.
2020-06-16 10:51:21 +08:00
Guo Xiang Tan
402b80f306
DEV: Make rails_failover compatible with SKIP_DB_AND_REDIS env.
2020-06-15 16:23:24 +08:00
Guo Xiang Tan
e0d798c06c
DEV: Fix undefined method.
2020-06-15 16:04:41 +08:00
Guo Xiang Tan
f38438c6de
DEV: Don't configure rails_failover if db and redis is skipped take 2
2020-06-15 16:02:30 +08:00
Guo Xiang Tan
e0fdf41537
DEV: Don't configure rails_failover if db and redis is skipped.
2020-06-15 15:56:57 +08:00
Guo Xiang Tan
58e52c0e4f
DEV: Use rails_failover gem for ActiveRecord and Redis failover handling
2020-06-15 15:47:07 +08:00
Guo Xiang Tan
d8cd912769
DEV: Switch to db config to disable advisory locks.
2020-06-15 14:33:41 +08:00
Martin Brennan
35a157619a
FEATURE: Add "Now" as an option (default hidden) to the future date input selector (#10047)
...
Sometimes you need to schedule things from now onward. "Now" in this case is now + 1 minute. This option is hidden by default.
2020-06-15 14:06:03 +10:00
Guo Xiang Tan
0ff86b00cb
DEV: Upgrade Redis to 4.2.1.
2020-06-15 10:05:22 +08:00
Gerhard Schlager
36a3675e0a
Update translations
2020-06-14 23:39:33 +02:00
Guo Xiang Tan
c9964b95ce
DEV: Increase log level for /srv/status route.
...
This reduces the amount of noise in our logs.
2020-06-12 12:17:28 +08:00
Guo Xiang Tan
78b5ab746c
DEV: No longer need to clear anon cache when toggling readonly mode.
2020-06-12 09:58:17 +08:00
Guo Xiang Tan
dc4071dfef
DEV: Use Rails.logger instead of logster for rails_failover callbacks
...
`Discourse.warn_exception` logs to logger by default but it means we
lose all the backtrace when the logs are written to the log file.
2020-06-11 17:24:32 +08:00